User.php

Go to the documentation of this file.

<?php
namespace Magento\User\Model;

use Magento\Backend\Model\Auth\Credential\StorageInterface;
use Magento\Framework\App\ObjectManager;
use Magento\Framework\Model\AbstractModel;
use Magento\Framework\Exception\AuthenticationException;
use Magento\Framework\Serialize\Serializer\Json;
use Magento\User\Api\Data\UserInterface;
use Magento\User\Model\Spi\NotificationExceptionInterface;
use Magento\User\Model\Spi\NotificatorInterface;
use Magento\Framework\App\DeploymentConfig;

class User extends AbstractModel implements StorageInterface, UserInterface
{
    const XML_PATH_FORGOT_EMAIL_TEMPLATE = 'admin/emails/forgot_email_template';

    const XML_PATH_FORGOT_EMAIL_IDENTITY = 'admin/emails/forgot_email_identity';

    const XML_PATH_USER_NOTIFICATION_TEMPLATE = 'admin/emails/user_notification_template';

    const XML_PATH_RESET_PASSWORD_TEMPLATE = 'admin/emails/reset_password_template';

    const MESSAGE_ID_PASSWORD_EXPIRED = 'magento_user_password_expired';

    protected $_eventPrefix = 'admin_user';

    protected $_role;

    protected $_hasResources = true;

    protected $_userData = null;

    protected $_config;

    protected $_validatorObject;

    protected $_roleFactory;

    protected $_encryptor;

    protected $_transportBuilder;

    protected $_storeManager;

    protected $validationRules;

    private $serializer;

    private $notificator;

    private $deploymentConfig;

    public function __construct(
        \Magento\Framework\Model\Context $context,
        \Magento\Framework\Registry $registry,
        \Magento\User\Helper\Data $userData,
        \Magento\Backend\App\ConfigInterface $config,
        \Magento\Framework\Validator\DataObjectFactory $validatorObjectFactory,
        \Magento\Authorization\Model\RoleFactory $roleFactory,
        \Magento\Framework\Mail\Template\TransportBuilder $transportBuilder,
        \Magento\Framework\Encryption\EncryptorInterface $encryptor,
        \Magento\Store\Model\StoreManagerInterface $storeManager,
        UserValidationRules $validationRules,
        \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
        \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
        array $data = [],
        Json $serializer = null,
        DeploymentConfig $deploymentConfig = null,
        ?NotificatorInterface $notificator = null
    ) {
        $this->_encryptor = $encryptor;
        parent::__construct($context, $registry, $resource, $resourceCollection, $data);
        $this->_userData = $userData;
        $this->_config = $config;
        $this->_validatorObject = $validatorObjectFactory;
        $this->_roleFactory = $roleFactory;
        $this->_transportBuilder = $transportBuilder;
        $this->_storeManager = $storeManager;
        $this->validationRules = $validationRules;
        $this->serializer = $serializer
            ?: ObjectManager::getInstance()->get(Json::class);
        $this->deploymentConfig = $deploymentConfig
            ?: ObjectManager::getInstance()->get(DeploymentConfig::class);
        $this->notificator = $notificator
            ?: ObjectManager::getInstance()->get(NotificatorInterface::class);
    }

    protected function _construct()
    {
        $this->_init(\Magento\User\Model\ResourceModel\User::class);
    }

    public function __sleep()
    {
        $properties = parent::__sleep();
        return array_diff(
            $properties,
            [
                '_eventManager',
                '_userData',
                '_config',
                '_validatorObject',
                '_roleFactory',
                '_encryptor',
                '_transportBuilder',
                '_storeManager',
                '_validatorBeforeSave',
                'validationRules',
                'serializer',
                'deploymentConfig',
                'notificator'
            ]
        );
    }

    public function __wakeup()
    {
        parent::__wakeup();
        $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
        $this->serializer = $objectManager->get(Json::class);
        $this->_eventManager = $objectManager->get(\Magento\Framework\Event\ManagerInterface::class);
        $this->_userData = $objectManager->get(\Magento\User\Helper\Data::class);
        $this->_config = $objectManager->get(\Magento\Backend\App\ConfigInterface::class);
        $this->_registry = $objectManager->get(\Magento\Framework\Registry::class);
        $this->_validatorObject = $objectManager->get(\Magento\Framework\Validator\DataObjectFactory::class);
        $this->_roleFactory = $objectManager->get(\Magento\Authorization\Model\RoleFactory::class);
        $this->_encryptor = $objectManager->get(\Magento\Framework\Encryption\EncryptorInterface::class);
        $this->_transportBuilder = $objectManager->get(\Magento\Framework\Mail\Template\TransportBuilder::class);
        $this->_storeManager = $objectManager->get(\Magento\Store\Model\StoreManagerInterface::class);
        $this->validationRules = $objectManager->get(UserValidationRules::class);
        $this->deploymentConfig = $objectManager->get(DeploymentConfig::class);
        $this->notificator = $objectManager->get(NotificatorInterface::class);
    }

    public function beforeSave()
    {
        $data = [
            'extra' => $this->serializer->serialize($this->getExtra()),
        ];

        if ($this->_willSavePassword()) {
            $data['password'] = $this->_getEncodedPassword($this->getPassword());
        }

        if ($this->getIsActive() !== null) {
            $data['is_active'] = intval($this->getIsActive());
        }

        $this->addData($data);

        return parent::beforeSave();
    }

    protected function _willSavePassword()
    {
        return $this->isObjectNew() || $this->hasData('password') && $this->dataHasChangedFor('password');
    }

    protected function _getValidationRulesBeforeSave()
    {
        $validator = $this->_validatorObject->create();
        $this->validationRules->addUserInfoRules($validator);

        // Add validation rules for the password management fields
        if ($this->_willSavePassword()) {
            $this->validationRules->addPasswordRules($validator);
            if ($this->hasPasswordConfirmation()) {
                $this->validationRules->addPasswordConfirmationRule($validator, $this->getPasswordConfirmation());
            }
        }
        return $validator;
    }

    public function validate()
    {
        $validator = $this->_validatorObject->create();
        $this->validationRules->addUserInfoRules($validator);

        if (!$validator->isValid($this)) {
            return $validator->getMessages();
        }

        return $this->validatePasswordChange();
    }

    protected function validatePasswordChange()
    {
        $password = $this->getPassword();
        if ($password && !$this->getForceNewPassword() && $this->getId()) {
            $errorMessage = __('Sorry, but this password has already been used. Please create another.');
            // Check if password is equal to the current one
            if ($this->_encryptor->isValidHash($password, $this->getOrigData('password'))) {
                return [$errorMessage];
            }

            // Check whether password was used before
            foreach ($this->getResource()->getOldPasswords($this) as $oldPasswordHash) {
                if ($this->_encryptor->isValidHash($password, $oldPasswordHash)) {
                    return [$errorMessage];
                }
            }
        }
        return true;
    }

    public function afterSave()
    {
        $this->_role = null;
        return parent::afterSave();
    }

    public function saveExtra($data)
    {
        if (is_array($data)) {
            $data = $this->serializer->serialize($data);
        }
        $this->_getResource()->saveExtra($this, $data);
        return $this;
    }

    public function getRoles()
    {
        return $this->_getResource()->getRoles($this);
    }

    public function getRole()
    {
        if (null === $this->_role) {
            $this->_role = $this->_roleFactory->create();
            $roles = $this->getRoles();
            if ($roles && isset($roles[0]) && $roles[0]) {
                $this->_role->load($roles[0]);
            }
        }
        return $this->_role;
    }

    public function deleteFromRole()
    {
        $this->_getResource()->deleteFromRole($this);
        return $this;
    }

    public function roleUserExists()
    {
        $result = $this->_getResource()->roleUserExists($this);
        return is_array($result) && count($result) > 0 ? true : false;
    }

    public function sendPasswordResetConfirmationEmail()
    {
        $this->notificator->sendForgotPassword($this);

        return $this;
    }

    public function sendPasswordResetNotificationEmail()
    {
        $this->sendNotificationEmailsIfRequired();
        return $this;
    }

    public function sendNotificationEmailsIfRequired()
    {
        if ($this->isObjectNew()) {
            //Notification about a new user.
            $this->notificator->sendCreated($this);
        } elseif ($changes = $this->createChangesDescriptionString()) {
            //User changed.
            $this->notificator->sendUpdated($this, explode(', ', $changes));
        }

        return $this;
    }

    protected function createChangesDescriptionString()
    {
        $changes = [];

        if ($this->getEmail() != $this->getOrigData('email') && $this->getOrigData('email')) {
            $changes[] = __('email');
        }

        if ($this->getPassword()
            && $this->getOrigData('password')
            && $this->getPassword() != $this->getOrigData('password')) {
            $changes[] = __('password');
        }

        if ($this->getUserName() != $this->getOrigData('username') && $this->getOrigData('username')) {
            $changes[] = __('username');
        }

        return implode(', ', $changes);
    }

    protected function sendUserNotificationEmail($changes, $email = null)
    {
        $this->notificator->sendUpdated($this, explode(', ', $changes));

        return $this;
    }

    public function getName($separator = ' ')
    {
        return $this->getFirstName() . $separator . $this->getLastName();
    }

    public function getAclRole()
    {
        return $this->getRole()->getId();
    }

    public function authenticate($username, $password)
    {
        $config = $this->_config->isSetFlag('admin/security/use_case_sensitive_login');
        $result = false;

        try {
            $this->_eventManager->dispatch(
                'admin_user_authenticate_before',
                ['username' => $username, 'user' => $this]
            );
            $this->loadByUsername($username);
            $sensitive = $config ? $username == $this->getUserName() : true;
            if ($sensitive && $this->getId()) {
                $result = $this->verifyIdentity($password);
            }

            $this->_eventManager->dispatch(
                'admin_user_authenticate_after',
                ['username' => $username, 'password' => $password, 'user' => $this, 'result' => $result]
            );
        } catch (\Magento\Framework\Exception\LocalizedException $e) {
            $this->unsetData();
            throw $e;
        }

        if (!$result) {
            $this->unsetData();
        }
        return $result;
    }

    public function verifyIdentity($password)
    {
        $result = false;
        if ($this->_encryptor->validateHash($password, $this->getPassword())) {
            if ($this->getIsActive() != '1') {
                throw new AuthenticationException(
                    __(
                        'The account sign-in was incorrect or your account is disabled temporarily. '
                        . 'Please wait and try again later.'
                    )
                );
            }
            if (!$this->hasAssigned2Role($this->getId())) {
                throw new AuthenticationException(__('More permissions are needed to access this.'));
            }
            $result = true;
        }
        return $result;
    }

    public function login($username, $password)
    {
        if ($this->authenticate($username, $password)) {
            $this->getResource()->recordLogin($this);
        }
        return $this;
    }

    public function reload()
    {
        $userId = $this->getId();
        $this->setId(null);
        $this->load($userId);
        return $this;
    }

    public function loadByUsername($username)
    {
        $data = $this->getResource()->loadByUsername($username);
        if ($data !== false) {
            $this->setData($data);
            $this->setOrigData();
        }
        return $this;
    }

    public function hasAssigned2Role($user)
    {
        return $this->getResource()->hasAssigned2Role($user);
    }

    protected function _getEncodedPassword($password)
    {
        return $this->_encryptor->getHash($password, true);
    }

    public function changeResetPasswordLinkToken($newToken)
    {
        if (!is_string($newToken) || empty($newToken)) {
            throw new \Magento\Framework\Exception\LocalizedException(
                __('The password reset token is incorrect. Verify the token and try again.')
            );
        }
        $this->setRpToken($newToken);
        $this->setRpTokenCreatedAt((new \DateTime())->format(\Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT));

        return $this;
    }

    public function isResetPasswordLinkTokenExpired()
    {
        $linkToken = $this->getRpToken();
        $linkTokenCreatedAt = $this->getRpTokenCreatedAt();

        if (empty($linkToken) || empty($linkTokenCreatedAt)) {
            return true;
        }

        $expirationPeriod = $this->_userData->getResetPasswordLinkExpirationPeriod();

        $currentTimestamp = (new \DateTime())->getTimestamp();
        $tokenTimestamp = (new \DateTime($linkTokenCreatedAt))->getTimestamp();
        if ($tokenTimestamp > $currentTimestamp) {
            return true;
        }

        $hourDifference = floor(($currentTimestamp - $tokenTimestamp) / (60 * 60));
        if ($hourDifference >= $expirationPeriod) {
            return true;
        }

        return false;
    }

    public function hasAvailableResources()
    {
        return $this->_hasResources;
    }

    public function setHasAvailableResources($hasResources)
    {
        $this->_hasResources = $hasResources;
        return $this;
    }

    public function getFirstName()
    {
        return $this->_getData('firstname');
    }

    public function setFirstName($firstName)
    {
        return $this->setData('firstname', $firstName);
    }

    public function getLastName()
    {
        return $this->_getData('lastname');
    }

    public function setLastName($lastName)
    {
        return $this->setData('lastname', $lastName);
    }

    public function getEmail()
    {
        return $this->_getData('email');
    }

    public function setEmail($email)
    {
        return $this->setData('email', $email);
    }

    public function getUserName()
    {
        return $this->_getData('username');
    }

    public function setUserName($userName)
    {
        return $this->setData('username', $userName);
    }

    public function getPassword()
    {
        return $this->_getData('password');
    }

    public function setPassword($password)
    {
        return $this->setData('password', $password);
    }

    public function getCreated()
    {
        return $this->_getData('created');
    }

    public function setCreated($created)
    {
        return $this->setData('created', $created);
    }

    public function getModified()
    {
        return $this->_getData('modified');
    }

    public function setModified($modified)
    {
        return $this->setData('modified', $modified);
    }

    public function getIsActive()
    {
        return $this->_getData('is_active');
    }

    public function setIsActive($isActive)
    {
        return $this->setData('is_active', $isActive);
    }

    public function getInterfaceLocale()
    {
        return $this->_getData('interface_locale');
    }

    public function setInterfaceLocale($interfaceLocale)
    {
        return $this->setData('interface_locale', $interfaceLocale);
    }

    public function performIdentityCheck($passwordString)
    {
        try {
            $isCheckSuccessful = $this->verifyIdentity($passwordString);
        } catch (\Magento\Framework\Exception\AuthenticationException $e) {
            $isCheckSuccessful = false;
        }
        $this->_eventManager->dispatch(
            'admin_user_authenticate_after',
            [
                'username' => $this->getUserName(),
                'password' => $passwordString,
                'user' => $this,
                'result' => $isCheckSuccessful
            ]
        );
        // Check if lock information has been updated in observers
        $clonedUser = clone($this);
        $clonedUser->reload();
        if ($clonedUser->getLockExpires()) {
            throw new \Magento\Framework\Exception\State\UserLockedException(
                __('Your account is temporarily disabled. Please try again later.')
            );
        }

        if (!$isCheckSuccessful) {
            throw new \Magento\Framework\Exception\AuthenticationException(
                __('The password entered for the current user is invalid. Verify the password and try again.')
            );
        }

        return $this;
    }
}